authorSeb Bacon <seb.bacon@gmail.com>2011-07-27 15:27:22 +0100
committerSeb Bacon <seb.bacon@gmail.com>2011-07-27 15:27:22 +0100
commit1e4243ee7507f6e3a3d1e15ec056d55d62e81ea7 (patch)
tree7e9b0723c86a6e230ce6eaa9f2bf064241e83c07 /app/controllers/admin_controller.rb
parentd27cfb74d683104d4ce898639b47238d4dbcc544 (diff)
Don't treat CSRF tokens as optional session data for administrators (they're needed to allow them to edit anything! Fixes #95
(Also change wording of test names to match usual rspec convention)
Diffstat (limited to 'app/controllers/admin_controller.rb')
-rw-r--r--app/controllers/admin_controller.rb3
1 files changed, 3 insertions, 0 deletions
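--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -51,7 +51,10 @@ class AdminController < ApplicationController
 if !username.empty? && !password.empty?
 authenticate_or_request_with_http_basic do |user_name, password|
 user_name == username && password == password
+ session[:using_admin] = 1
 end
+ else
+ session[:using_admin] = 1
 end
 end
 end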
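Review bot: The `session[:using_admin] = 1` added inside the `authenticate_or_request_with_http_basic` block is now the block's last expression, so the block's value — which the Rails helper takes as the authentication result — is 1 (truthy) regardless of the supplied credentials, and the admin session flag is set before any credentials have matched; the comparison on the line above is evaluated and thrown away. The comparison itself is also inert: the block parameter `password` has the same name as the outer `password` local, so `password == password` compares a variable with itself and is always true, and renaming the parameter (for example `pw`) is needed for it to check anything. Capture the comparison result, set the session flag only when it holds, and return it as the block's value. The `else` branch that sets the flag when no credentials are configured is the commit's intent and is left as is. The enclosing method starts outside the hunk.
```ruby
authenticate_or_request_with_http_basic do |user_name, pw|
  authenticated = user_name == username && pw == password
  session[:using_admin] = 1 if authenticated
  authenticated
end
# … unchanged: else branch setting session[:using_admin] when no credentials are configured …
```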